In the Claims: 



1. (Currently amended) A method of managing alerts issued by intrusion detection sensors (11a, 
1 lb, 1 Ic) of an information security system (1) including an alert management system (13), each 
alert being defined by an alert identifier and an alert content, which method is ohoract e riz e d in 
that it includes the following steps: 

associating with each of the alerts issued by the intrusion detection sensors (1 la, 1 lb, 
1 Ic) a description including a conjunction of valued attributes belonging to attribute domains; 

organizing the valued attributes belonging to each attribute domain into a taxonomic 
structure defining generalization relationships between said valued attributes, the plurality of 
attribute domains thus forming a plurality of taxonomic structures; 

completing the description of each of said alerts with sets of values induced by the 
taxonomic structures on the basis of the valued attributes of said alerts to form complete alerts; 
and 

storing said complete alerts in a logic file system (21) to enable them to be consulted. 

2. (Currently amended) [[A]] TTie method according to claim 1, charaotorized m that wherein 
complete alerts are consulted by successively interrogating and/or browsing said complete alerts 
so that the alert management system (13) responds to a request by supplying pertinent valued 
attributes enabling a subset of complete alerts to be distinguished in a set of complete alerts 
satisfying the request in order to enable said request to be refined. 

3. (Currently amended) [[A]] The method according to claim 2, characterized in that wherein the 
pertinent valued attributes assigned the highest priority are those that are most general, given the 
taxonomic structures. 

4. (Currently amended) [[A]] TTie method according to either claim 2 or claim 3, charactorizod in 
that claim 2, wherein the alert management system (13) fiirther responds to the request by 
supplying alert identifiers satisfying the request and whose description carmot be refined with 
respect to said request. 
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supplying alert identifiers satisfying the request and whose description cannot be refined with 
respect to said request. 

5. (Currently amended) [[A]] The method according to claim 1, charact e riz e d in that wherein the 
alert identifier is a pair consisting of an identifier of the intrusion detection sensor (1 la, 1 lb, 1 Ic) 
that produces the alert and an alert serial number assigned by said sensor. 

6. (Currently amended) [[A]] The method according to claim 1, charact e riz e d in that wherein the 
content of each alert includes a text message supplied by the corresponding intrusion detection 
sensor (11a, lib, 11c). 

7. (Currently amended) [[A]] The method according to any on e of claims 1 to 6, charact e rized in 
feat claim L wherein each valued attribute includes an attribute identifier and an attribute value. 

8. (Currently amended) [[A]] The method according to claim 7, charact e riz e d in that wherein 
each attribute identifier is associated with one of the following attribute domains: attack domain, 
attacker identity domain, victim identity domain, and attack date domain. 

9. (Currently amended) [[A]] The method according to claim 1, charact e riz e d in that wherein the 
description of a given alert is completed by recovering recursively fi"om generalization 
relationships of the taxonomic structures a set including the more general valued attributes not 
already included in the description of another alert completed previously. 

10. (Currently amended) [[A]] The method according to any on e of claims 1 to 9 claim L 
charact e riz e d in that wherein the valued attributes in the taxonomic structure are organized in 
accordance with an acyclic directed graph. 

1 1 . (Currently amended) A computer program charact e riz e d in that it is designed to execute the 
method according to any on e of claims 1 to 10 claim K when it is executed by the alert 
management system (13). 



12. (New) Alert management system for managing alerts issued by intrusion detection sensors 
(1 la, 1 lb, 1 Ic), each alert being defined by an alert identifier and an alert content, which system 
includes: 

processor means for associating with each of the alerts issued by the intrusion detection 
sensors (1 la, 1 lb, 1 Ic) a description including a conjunction of valued attributes belonging to 
attribute domains; 

processor means for organizing the valued attributes belonging to each attribute domain 
into a taxonomic structure defining generalization relationships between said valued attributes, 
the plurality of attribute domains thus forming a plurality of taxonomic structures; 

processor means for completing the description of each of said alerts with sets of values 
induced by the taxonomic structures on the basis of the valued attributes of said alerts to form 
complete alerts; and 

processor means for storing said complete alerts in a logic file system (21) to enable them 
to be consulted. 

13. (New) Information security system comprising intrusion detection sensors and an alert 
management system according to claim 12. 



